diff --git a/.github/workflows/docker-builds.yml b/.github/workflows/docker-builds.yml index 18fb6d8d2..e59bb3334 100644 --- a/.github/workflows/docker-builds.yml +++ b/.github/workflows/docker-builds.yml @@ -1,26 +1,37 @@ -name: Build and publish cfssl docker image +name: cfssl docker on: + workflow_dispatch: push: + branches: + - "master" tags: - - 'v*.*.*' - + - "v*" jobs: build-and-push-image: runs-on: ubuntu-latest permissions: contents: read packages: write + strategy: + matrix: + include: + # github container registry + - registry: "ghcr.io" + username: ${{ github.actor }} + password_secret: GITHUB_TOKEN + image: ghcr.io/cloudflare/cfssl + # docker test publish, todo: switch to service account + - registry: "" + username: nicky + password_secret: DOCKER_REGISTRY_TOKEN_NICKY + image: cfssl/cfssl steps: - name: Checkout repository uses: actions/checkout@v3 with: fetch-depth: 0 - - name: Get tag - id: cfssl - run: echo "::set-output name=tag::$(git describe --tags HEAD)" - - name: Set up QEMU uses: docker/setup-qemu-action@v2 @@ -30,13 +41,19 @@ jobs: - name: Log in to the Docker hub uses: docker/login-action@v2 with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - + registry: ${{ matrix.registry }} + username: ${{ matrix.username }} + password: ${{ secrets[matrix.password_secret] }} + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@v4 + with: + images: ${{ matrix.image }} - name: Build and push uses: docker/build-push-action@v3 with: context: . platforms: linux/amd64,linux/arm64,linux/s390x push: true - tags: cfssl:${{ steps.cfssl.outputs.tag }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} diff --git a/Dockerfile b/Dockerfile index d22bf1946..21266f76e 100644 --- a/Dockerfile +++ b/Dockerfile 
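Review bot: The second matrix entry in the first hunk publishes `cfssl/cfssl` with an individual's Docker Hub login (`username: nicky`, `password_secret: DOCKER_REGISTRY_TOKEN_NICKY`), so the release path depends on a personal credential whose scope and rotation the project does not control. The in-line todo acknowledges this, but I would land the change with an organisation-owned account and a token that carries only the permissions publishing needs, e.g. `password_secret: DOCKERHUB_TOKEN`, the secret name the removed login step used. Separately, the new `workflow_dispatch:` and `branches: - "master"` triggers feed a build step that keeps `push: true`, so a manual run from any ref would presumably publish an image named after that ref under the production image names. A guard such as `push: ${{ github.ref_type == 'tag' || github.ref == 'refs/heads/master' }}` would limit that.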
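Review bot: `docker/metadata-action@v4` is added in the second hunk by mutable tag, in a job that holds `packages: write` and the registry password from `secrets[matrix.password_secret]`, so whatever that tag resolves to at run time executes with publish rights. Pin it to a full commit SHA, `uses: docker/metadata-action@<full-commit-sha>  # v4`, and do the same for the other `docker/*` actions that the context lines show are tag-pinned. The indexed secret lookup should also yield an empty value if a matrix `password_secret` name is misspelled, so a comment above the `password:` line naming the two secrets this step can read would make the job easier to audit. The step name `Log in to the Docker hub` no longer fits, because the same step now logs in to ghcr.io as well; `Log in to the container registry` is closer.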
@@ -1,4 +1,7 @@ -FROM --platform=${BUILDPLATFORM} golang:1.19.3 +FROM --platform=${BUILDPLATFORM} golang:1.20 + +LABEL org.opencontainers.image.source https://github.com/cloudflare/cfssl +LABEL org.opencontainers.image.description "Cloudflare's PKI toolkit" ARG TARGETOS ARG TARGETARCH
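Review bot: The new `FROM` line moves the build image from the patch-pinned `golang:1.19.3` to the floating `golang:1.20`, so two builds of the same commit can pick up different toolchains; for an image that is now pushed to two registries I would pin the patch release and digest, `FROM --platform=${BUILDPLATFORM} golang:1.20.<patch>@sha256:<digest>`. The two `LABEL` lines use the legacy space-separated form; `LABEL org.opencontainers.image.source="https://github.com/cloudflare/cfssl"` is the current syntax. They also sit directly under this first `FROM`, and the Dockerfile continues outside the hunk, so if a later stage produces the final image these labels would not reach it. The workflow already passes `labels: ${{ steps.meta.outputs.labels }}`, which likely makes the source label redundant.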